Writing Keystroke Injection payloads for the Bash Bunny

Computers trust humans. Humans interact with keyboards. Hence the Human Interface Device or HID standard used by all modern USB keyboards. To a computer, if the device says it’s a keyboard — it’s a keyboard.

To pentesters, a small USB device pre-programmed to inject keystrokes into the victim computer covertly hidden inside a regular flash-drive case is a recipe for social engineering success. Hence the popular Hak5 USB Rubber Ducky – the device that invented keystroke injection attacks.

Building on this, the Bash Bunny directly interprets the Ducky Script language that has become synonymous with bad USB attacks. 

With its HID attack mode, the Bash Bunny becomes a keyboard, and Ducky Script is processed with a quick and easy QUACK command.

As you can see from the above simple payload snippet, the Ducky Script tells the Bash Bunny to become both a keyboard and a flash drive. Then, it injects keystrokes which instruct the Windows target to run a powershell script saved on said flash drive. 

Advanced attacks are enabled by combining HID attacks with the additional USB device supported by the Bash Bunny – like gigabit Ethernet, Serial and Storage. Coupled with a scripting language that supports conditions and logic using BASH, a new era of keystroke injection attacks are possible.

Learn more about using Ducky Script for Keystroke Injection attacks from the Payload Development section of the Bash Bunny documentation.



Also in Bash Bunny

Getting Root on a Bash Bunny from the Serial Console
Getting Root on a Bash Bunny from the Serial Console

Throughout the history of personal computers, serial has been a mainstay for file transfer and console access. To this day it’s widely used, from headless servers to embedded microcontrollers. With the Bash Bunny, we’ve made it convenient as ever – without the need for a serial-to-USB converter.
Top 5 file stealing
Top 5 file stealing "exfiltration" payloads for the Bash Bunny

As anyone in IT knows, two is one — one is none. It’s important to backup your documents. As a pentesters know, exfiltration is a fancy word for an involuntary backup. To that end, the Bash Bunny features at storage attack mode capable of intelligent exfiltration with gigs of high speed storage.
The Hottest Bash Bunny Hot Plug Attack: Network Hijacking
The Hottest Bash Bunny Hot Plug Attack: Network Hijacking

Exploiting local network attack vectors, the Bash Bunny emulates specialized Ethernet adapters. This network of two (the Bash Bunny and your target) provides direct access to the target – bypassing any would-be firewalls, countermeasures or intrusion detection systems from the legitimate LAN.

Sign up for sales, new releases, payloads and more…

Sign up today